'ldap_config'=> array(
// Définition des paramètres de connexion à l'annuaire
),
+ 'useUserCredentials' => [boolean],
'LSauth' => array (
'method' => [LSauth method]
),
</listitem>
</varlistentry>
+<varlistentry>
+ <term>useUserCredentials</term>
+ <listitem>
+ <simpara>Booléen définissant si il faut utiliser les identifiants de l'utilisateur pour
+ se connecter à l'annuaire (<emphasis>false</emphasis> par défaut). Si cette option est
+ activée, la connexion à l'annuaire LDAP sera établie avec la configuration fournie dans
+ le paramètre <emphasis>ldap_config</emphasis> en écrasant les informations de connexion
+ (<emphasis>binddn</emphasis> et <emphasis>bindpwd</emphasis>) par ceux de l'utilisateur.
+ Si l'utilisateur n'est pas encore connecté, la connexion sera étalie sans modifier la
+ configuration fournie.
+ </simpara>
+ </listitem>
+</varlistentry>
+
<varlistentry>
<term>LSprofiles</term>
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
- * @param[in] $config array Tableau de configuration au formar Net_LDAP2
+ * @param[in] $config array Tableau de configuration au format Net_LDAP2
*
* @retval void
*/
}
/**
- * Connection
+ * Connect to LDAP server
*
- * Cette methode établie la connexion à l'annuaire Ldap
+ * This method establish connection to LDAP server
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
- * @param[in] $config array Tableau de configuration au formar Net_LDAP2
+ * @param[in] $config array LDAP configuration array in format of Net_LDAP2
*
- * @retval boolean true si la connection est établie, false sinon
+ * @retval boolean true if connected, false instead
*/
public static function connect($config = null) {
if ($config) {
}
/**
+ * Reconnect (or connect) with other credentials
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com>
+ *
+ * @param[in] $dn string Bind DN
+ * @param[in] $pwd array Bind password
+ * @param[in] $config array LDAP configuration array in format of Net_LDAP2
+ *
+ * @retval boolean true if connected, false instead
+ */
+ public static function reconnectAs($dn,$pwd,$config) {
+ if ($config) {
+ self :: setConfig($config);
+ }
+ if (self :: $cnx) {
+ self :: $cnx -> done();
+ }
+ $config=self :: $config;
+ $config['binddn']=$dn;
+ $config['bindpw']=$pwd;
+ self :: $cnx = Net_LDAP2::connect($config);
+ if (Net_LDAP2::isError(self :: $cnx)) {
+ LSerror :: addErrorCode('LSldap_01',self :: $cnx -> getMessage());
+ self :: $cnx = NULL;
+ return;
+ }
+ return true;
+ }
+
+ /**
* Déconnection
*
* Cette methode clos la connexion à l'annuaire Ldap
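Review bot: `reconnectAs` declares `$config` as a required third parameter in its signature, yet the call site added later in this diff (the `useUserCredentials` branch that calls `LSldap :: reconnectAs(self :: $userLDAPcreds['dn'],self :: $userLDAPcreds['pwd'])`) passes only two arguments, so `$config` is undefined there (a "missing argument" warning on PHP 5, an ArgumentCountError on PHP 7.1+); declare it optional, `public static function reconnectAs($dn, $pwd, $config = null) {`, which also matches the `if ($config)` guard on the next line. The `@param` line for `$pwd` says `array` although the value is assigned to `$config['bindpw']` as a bind password string, and the error path ends in a bare `return;` (null) while the docblock promises `false`; `return false;` keeps callers that compare strictly honest. Note too that the configuration key written here is `bindpw`, whereas the documentation entry for `useUserCredentials` added in the first hunk names it `bindpwd`; the two should agree.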
// The LSauht object of the session
private static $LSauthObject = false;
+ // User LDAP credentials
+ private static $userLDAPcreds = false;
+
/**
* Include un fichier PHP
*
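Review bot: The comment on the new `$userLDAPcreds` property does not say what shape the value takes, while the code that consumes it later in this diff indexes `['dn']` and `['pwd']` and tests it with `is_array`/`false`; suggest `// User LDAP credentials: array with 'dn' and 'pwd' keys, or false when not (yet) retrieved`. Since this value holds a bind password for the lifetime of the session and is also copied into `$_SESSION` in a later hunk, a second line saying so would help the next maintainer treat it with care.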
if(isset($_SESSION['LSsession']['dn']) && !isset($_GET['LSsession_recoverPassword'])) {
LSdebug('LSsession : Session existente');
// --------------------- Session existante --------------------- //
- self :: $topDn = $_SESSION['LSsession']['topDn'];
- self :: $dn = $_SESSION['LSsession']['dn'];
- self :: $rdn = $_SESSION['LSsession']['rdn'];
- self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
- self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
+ self :: $topDn = $_SESSION['LSsession']['topDn'];
+ self :: $dn = $_SESSION['LSsession']['dn'];
+ self :: $rdn = $_SESSION['LSsession']['rdn'];
+ self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
+ self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
+ self :: $userLDAPcreds = $_SESSION['LSsession']['userLDAPcreds'];
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
self :: setLdapServer(self :: $ldapServerId);
self :: $LSuserObject = $LSuserObject;
self :: $dn = $LSuserObject->getValue('dn');
self :: $rdn = $LSuserObject->getValue('rdn');
+ if (isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
+ self :: $userLDAPcreds = LSauth :: getLDAPcredentials($LSuserObject);
+ if (!is_array(self :: $userLDAPcreds)) {
+ LSerror :: addErrorCode('LSsession_14');
+ self :: $userLDAPcreds = false;
+ return;
+ }
+ if (!LSldap :: reconnectAs(self :: $userLDAPcreds['dn'],self :: $userLDAPcreds['pwd'])) {
+ LSerror :: addErrorCode('LSsession_15');
+ return;
+ }
+ }
self :: loadLSprofiles();
self :: loadLSaccess();
LStemplate :: assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
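Review bot: When `reconnectAs` fails, the branch records `LSsession_15` and returns, but `self :: $userLDAPcreds` still holds the credentials just fetched, so the later hunk that re-binds with the stored credentials will retry with the same values and the session save will persist them; reset it before leaving, `self :: $userLDAPcreds = false;` ahead of the `return;`. By that point `reconnectAs` has already closed the previous administrative connection, so after this early return `LSldap` is left disconnected rather than in its prior state, which is worth stating in a comment next to the error code. The enclosing method starts and ends outside this hunk.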
'topDn' => self :: $topDn,
'dn' => self :: $dn,
'rdn' => self :: $rdn,
+ 'userLDAPcreds' => self :: $userLDAPcreds,
'ldapServerId' => self :: $ldapServerId,
'ldapServer' => self :: $ldapServer,
'LSprofiles' => self :: $LSprofiles,
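Review bot: `userLDAPcreds` is written into `$_SESSION` here, so the user's cleartext LDAP bind password now lives in PHP's session store (by default files under the session save path) for the whole session lifetime, and in any copy or backup of that store; this is the main risk the feature introduces and deserves a comment on this line, e.g. `// NOTE: holds the user's LDAP bind password in clear; session storage must be protected accordingly`, plus a sentence in the `useUserCredentials` documentation entry. Clearing the entry on logout (together with the rest of the `LSsession` data) should also be confirmed, as nothing in this diff shows it. The surrounding array literal begins and ends outside this hunk.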
if (!self :: loadLSclass('LSldap')) {
return;
}
- LSldap :: connect(self :: $ldapServer['ldap_config']);
+ if (self :: $dn && isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
+ LSldap :: reconnectAs(self :: $userLDAPcreds['dn'], self :: $userLDAPcreds['pwd'],self :: $ldapServer['ldap_config']);
+ }
+ else {
+ LSldap :: connect(self :: $ldapServer['ldap_config']);
+ }
if (LSldap :: isConnected()) {
return true;
}
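Review bot: The new condition checks `self :: $dn` and the `useUserCredentials` flag but not that `self :: $userLDAPcreds` is actually an array; a session restored from before the option was enabled, or one where the credential lookup failed, leaves it `false`/`null`, and `false['dn']` evaluates to null, so `reconnectAs` is then called with an empty DN and password, which is likely to be treated as an anonymous bind that `isConnected()` below reports as success. Tighten the guard, `if (self :: $dn && is_array(self :: $userLDAPcreds) && isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {`, and route the missing-credentials case to an error rather than the plain `connect` fallback. The same gap exists where the session is restored earlier in this diff (`self :: $userLDAPcreds = $_SESSION['LSsession']['userLDAPcreds'];` without `isset`), which additionally raises an undefined-index notice on older sessions. The enclosing method starts outside this hunk.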
LSerror :: defineError('LSsession_13',
_("LSsession : The function of the custom action %{name} does not exists or is not configured.")
);
- // 14 -> 16 : not yet used
+ LSerror :: defineError('LSsession_14',
+ _("LSsession : Fail to retreive user's LDAP credentials from LSauth.")
+ );
+ LSerror :: defineError('LSsession_15',
+ _("LSsession : Fail to reconnect to LDAP server with user's LDAP credentials.")
+ );
+ // 16 : not yet used
LSerror :: defineError('LSsession_17',
_("LSsession : Error during creation of list of levels. Contact administrators. (Code : %{code})")
);
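Review bot: The new `LSsession_14` message misspells "retrieve" as "retreive"; since the string is also the gettext msgid, it is cheapest to fix before translators pick it up: `_("LSsession : Fail to retrieve user's LDAP credentials from LSauth.")`. The companion `LSsession_15` message reads fine.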